NAME

       aesni — driver for the AES accelerator on Intel CPUs

SYNOPSIS

       To compile this driver into the kernel, place the following lines in your kernel configuration file:

             device crypto
             device aesni

       Alternatively, to load the driver as a module at boot time, place the following line in loader.conf(5):

             aesni_load="YES"

DESCRIPTION

       Starting  with  some  models  of  Core i5/i7, Intel processors implement a new set of instructions called
       AESNI.  The set of six instructions accelerates the calculation of the key schedule for  key  lengths  of
       128,  192,  and  256  of the Advanced Encryption Standard (AES) symmetric cipher, and provides a hardware
       implementation of the regular and the last encryption and decryption rounds.

       The processor capability is reported as AESNI in the Features2 line at boot.  The aesni driver  does  not
       attach on systems that lack the required CPU capability.

       The  aesni  driver  registers  itself  to  accelerate  AES  operations for crypto(4).  Besides speed, the
       advantage of using the aesni driver is that the AESNI operation  is  data-independent,  thus  eliminating
       some  attack  vectors  based  on  measuring  cache  use  and  timings  typically  present in table-driven
       implementations.

SEE ALSO

       crypt(3), crypto(4), intro(4), ipsec(4), padlock(4), random(4), crypto(9)

HISTORY

       The aesni driver first appeared in FreeBSD 9.0.

AUTHORS

       The aesni driver was written by Konstantin Belousov <kib@FreeBSD.org>.  The key schedule calculation code
       was adopted from the sample provided by Intel and used in the analogous OpenBSD driver.

Debian                                          September 6, 2010                                       AESNI(4)